National Security Trumps Privacy

At least according to a survey conducted in January by Quest Software among 474 employees of federal, state, local and municipal agencies, 53% considered national security more important than personal privacy. Only 33.8% felt that personal privacy concerns were more important than national security. 15% of the federal respondents came from DHS, DOJ and HHS

Paul Garver, Quest Software vice president commented:

“I would expect this type of finding if we had a large Defense Department audience, but our audience was mostly civilian agencies. A large part of the government’s position deals with national trust and security. This finding is a result of the focus on national security by so many civilian agencies.”

The survey indicates that although most government IT professionals (69%) believe that identity management is “very important” to their organization or agency, even more overwhelmingly believe its importance will increase (72%) in the next five years. A large majority of government IT professionals report that their organization or agency has complied with the following steps: secured information systems (76%), secured personnel information (72%), and secured access to facilities (75%).

Highlights of the survey:

● About 35% of government IT professionals project that their organization or agency will be compliant with government identity management mandates within the next two years, while 37% report that they “don’t know” when their organization or agency will be compliant. This may reflect on the challenges inherent in the complexity of the requirements and the difficulty experienced by respondents in juggling ongoing and unfunded IdM efforts with existing priorities.

● Respondents point to real business and technology challenges that stand in the way of compliance. The top obstacles cited include the lack of funding, technological complexity and staffing resources.

● The majority of respondents believe Congress should play a more active role by providing more funding and/or require greater planning/collaboration among government entities.

● Over one-half of government IT professionals believe that national security should be the priority even if it means that Americans’ personal privacy could be negatively impacted.

● Over one-half of government IT professionals have either personally seen or heard about someone violating their organization or agency’s security protocols.

● According to about half of respondents, a heterogeneous (mixed-application) environment is “very challenging” or “somewhat challenging” for their organization or agency’s IdM system

The results of this survey suggests that at least among government employees, the adoption of Identity Management (IdM) is a good deal more acceptable than might have been anticipated. Of course, the focus of this study is on the government application of the FIPS201 and HSP12 requirements for Identity Credentials. However, the cross over of these requirements to the non-government world is being debated now.